[Owasp-csrfguard] Token landing page issue when accessing application URL
pradtke at stanford.edu
Fri Jul 27 16:51:47 UTC 2012
Why are you using 'NewTokenLandingPage'?
IMHO if you want users to have direct access to a URL, don't protect
that URL with CSRFGuard.
On 7/25/12 12:12 PM, Amol Walunjkar wrote:
> We have one requirement in our application. In this, the user of our
> application will receive an email which contains a hyperlink using which
> he can directly go to one of the functionality of the application.
> We have utilized OSWAP framework for providing security against CSRF.
> In the properties file we have set the "NewTokenLandingPage" property to
> home page our application.
> Now the problem is that, when user launch the hyperlink from the email
> he received to access specific functionality he is always taken to the
> home page instead of the directed URL in the email.
> In the documentation it is said that all query-string form parameters
> sent with the original request will be discarded. But then, if we have
> to implement such behavior in application which is the solution for this.
> Does the current OSWAP framework for CSRF support such custom requirement ?
> Please advice
> Thanks in advance
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
More information about the Owasp-csrfguard